<?php
/*
3
	Copyright (C) 2004-2009 Scott Ullrich <sullrich@gmail.com>
4
	All rights reserved.
5

    
6
	originally part of m0n0wall (http://m0n0.ch/wall)
7
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9

    
10
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12

    
13
1. Redistributions of source code must retain the above copyright notice,
14
	this list of conditions and the following disclaimer.
15

    
16
	2. Redistributions in binary form must reproduce the above copyright
17
	notice, this list of conditions and the following disclaimer in the
18
	documentation and/or other materials provided with the distribution.
19

    
20
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
	*/
/*
33
	pfSense_BUILDER_BINARIES:	/usr/bin/find	/bin/cd	/usr/local/bin/rrdtool	/usr/bin/nice
34
	pfSense_MODULE:	config
35
*/
if(!function_exists("dump_rrd_to_xml")) 
	require("rrd.inc");
/* Upgrade functions must be named:
 *    upgrade_XXX_to_YYY
 * where XXX == previous version, zero padded, and YYY == next version, zero padded
 */
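/*
 * Helper for upgrade_010_to_011(): remap the interface names used by one
 * rule list and drop rules that point at an interface which no longer exists.
 *
 *   $rules  rule list taken from the config
 *   $ifmap  old interface name => new interface name
 *   $label  rule kind used in the warning text ("filter", "traffic shaper")
 *
 * Returns the surviving rules re-indexed from 0. The re-indexing matters:
 * later upgrade steps walk rule lists with isset($rules[$i]) and would stop
 * at the first hole left behind by a removed rule.
 */
function _upgrade_remap_rule_interfaces($rules, $ifmap, $label) {
	foreach (array_keys($rules) as $idx) {
		$rule = $rules[$idx];
		$missing = null;

		if (!array_key_exists($rule['interface'], $ifmap)) {
			$missing = "interface '{$rule['interface']}'";
		} else {
			$rule['interface'] = $ifmap[$rule['interface']];

			/* source is checked before destination, as before */
			foreach (array('source', 'destination') as $side) {
				if (!isset($rule[$side]['network']))
					continue;
				if (!array_key_exists($rule[$side]['network'], $ifmap)) {
					$missing = "{$side} network '{$rule[$side]['network']}'";
					break;
				}
				$rule[$side]['network'] = $ifmap[$rule[$side]['network']];
			}
		}

		if ($missing !== null) {
			/* a rule is being dropped from the ruleset: tell the operator */
			echo "\nWarning: {$label} rule removed " .
				"({$missing} does not exist anymore).";
			unset($rules[$idx]);
			continue;
		}

		$rules[$idx] = $rule;
	}

	return array_values($rules);
}

/*
 * 010 -> 011: the dedicated DMZ and WLANn interfaces become generic optional
 * interfaces (opt1, opt2, ...), and filter / traffic shaper rules are
 * rewritten to use the new names. Rules that reference an interface which
 * no longer exists are removed with a warning on stdout.
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_010_to_011() {
	global $config;
	$opti = 1;
	$ifmap = array('lan' => 'lan', 'wan' => 'wan', 'pptp' => 'pptp');

	/* convert DMZ to optional, if necessary */
	if (isset($config['interfaces']['dmz'])) {
		$dmzcfg = $config['interfaces']['dmz'];

		if ($dmzcfg['if']) {
			$config['interfaces']['opt' . $opti] = array(
				'enable' => $dmzcfg['enable'],
				'descr' => "DMZ",
				'if' => $dmzcfg['if'],
				'ipaddr' => $dmzcfg['ipaddr'],
				'subnet' => $dmzcfg['subnet'],
			);

			$ifmap['dmz'] = "opt" . $opti;
			$opti++;
		}

		unset($config['interfaces']['dmz']);
	}

	/* convert WLAN1/2 to optional, if necessary */
	for ($i = 1; isset($config['interfaces']['wlan' . $i]); $i++) {
		$wlancfg = $config['interfaces']['wlan' . $i];

		/* an entry without a device is simply dropped */
		if (!$wlancfg['if']) {
			unset($config['interfaces']['wlan' . $i]);
			continue;
		}

		$config['interfaces']['opt' . $opti] = array(
			'enable' => $wlancfg['enable'],
			'descr' => "WLAN" . $i,
			'if' => $wlancfg['if'],
			'ipaddr' => $wlancfg['ipaddr'],
			'subnet' => $wlancfg['subnet'],
			'bridge' => $wlancfg['bridge'],
			'wireless' => array(
				'mode' => $wlancfg['mode'],
				'ssid' => $wlancfg['ssid'],
				'channel' => $wlancfg['channel'],
				'wep' => $wlancfg['wep'],
			),
		);

		$ifmap['wlan' . $i] = "opt" . $opti;

		unset($config['interfaces']['wlan' . $i]);
		$opti++;
	}

	/*
	 * convert filter rules
	 * (the list is only touched when it really is an array; count() on a
	 * missing list is an error on current PHP versions)
	 */
	if (isset($config['filter']['rule']) && is_array($config['filter']['rule']))
		$config['filter']['rule'] = _upgrade_remap_rule_interfaces(
			$config['filter']['rule'], $ifmap, "filter");

	/* convert shaper rules */
	if (isset($config['pfqueueing']['rule']) && is_array($config['pfqueueing']['rule']))
		$config['pfqueueing']['rule'] = _upgrade_remap_rule_interfaces(
			$config['pfqueueing']['rule'], $ifmap, "traffic shaper");
}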
/*
 * 011 -> 012: nest the DHCP server settings under a 'lan' key and replace
 * the stored system password with its crypt() hash.
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_011_to_012() {
	global $config;

	/* the former top-level DHCP server settings become the LAN entry */
	$config['dhcpd'] = array('lan' => $config['dhcpd']);

	/*
	 * hash the system password
	 * NOTE(review): crypt() is called without a salt. Older PHP versions
	 * then pick the scheme and a weak salt themselves, and PHP 8 rejects
	 * the one-argument call outright. Confirm which hash formats the
	 * consumers of this field accept before choosing an explicit scheme.
	 */
	$config['system']['password'] = crypt($config['system']['password']);
}
/*
 * 012 -> 013: restructure advanced outbound NAT rules and give every filter
 * rule an explicit type.
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_012_to_013() {
	global $config;

	/*
	 * advanced outbound NAT: the old scalar 'source' becomes
	 * source/network, and the destination is set to "any"
	 */
	$idx = 0;
	while (isset($config['nat']['advancedoutbound']['rule'][$idx])) {
		$natrule = &$config['nat']['advancedoutbound']['rule'][$idx];
		$natrule['source'] = array('network' => $natrule['source']);
		$natrule['destination'] = array('any' => true);
		unset($natrule);
		$idx++;
	}

	/*
	 * add an explicit type="pass" to all filter rules to make things consistent
	 * NOTE(review): this overwrites whatever 'type' a rule already carries,
	 * and the walk stops at the first missing index in the rule list.
	 */
	$idx = 0;
	while (isset($config['filter']['rule'][$idx])) {
		$config['filter']['rule'][$idx]['type'] = "pass";
		$idx++;
	}
}
/*
 * 013 -> 014: split each traffic shaper rule into a rule plus a pipe.
 * The bandwidth/delay/mask settings move into a new pipe with the same
 * index, and the rule points at it through 'targetpipe'.
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_013_to_014() {
	global $config;

	/* nothing to convert without a shaper rule list */
	if (!is_array($config['pfqueueing']['rule']))
		return;

	$config['pfqueueing']['pipe'] = array();

	$idx = 0;
	while (isset($config['pfqueueing']['rule'][$idx])) {
		$shaperrule = &$config['pfqueueing']['rule'][$idx];

		/* make new pipe and associate with this rule */
		$config['pfqueueing']['pipe'][$idx] = array(
			'descr' => $shaperrule['descr'],
			'bandwidth' => $shaperrule['bandwidth'],
			'delay' => $shaperrule['delay'],
			'mask' => $shaperrule['mask'],
		);
		$shaperrule['targetpipe'] = $idx;

		/* these now live on the pipe only ('descr' stays on both) */
		unset($shaperrule['bandwidth'], $shaperrule['delay'], $shaperrule['mask']);

		unset($shaperrule);
		$idx++;
	}
}
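/*
 * 014 -> 015: move the default route from the WAN interface to the system
 * section and drop the per-interface scheduler type.
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_014_to_015() {
	global $config;

	/*
	 * Default route moved
	 * The previous code assigned the WAN gateway to itself and then unset
	 * it, which threw the value away. It is stored under system/gateway
	 * here, which is where upgrade_021_to_022() reads it back from.
	 */
	if (isset($config['interfaces']['wan']['gateway']) &&
	    $config['interfaces']['wan']['gateway'] <> "")
		$config['system']['gateway'] = $config['interfaces']['wan']['gateway'];
	unset($config['interfaces']['wan']['gateway']);

	/* Queues are no longer interface specific */
	unset($config['interfaces']['lan']['schedulertype']);
	unset($config['interfaces']['wan']['schedulertype']);

	for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
		unset($config['interfaces']['opt' . $i]['schedulertype']);
}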
/*
 * 015 -> 016: the alternate firmware URL settings move into
 * system/alt_firmware_url. The old keys are removed in every case.
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_015_to_016() {
	global $config;

	/* Only convert if *both* are defined. */
	$have_both = isset($config['system']['firmwareurl'], $config['system']['firmwarename']);

	if ($have_both) {
		/* 'enabled' is written as an empty string; how the reader of this
		 * section interprets that is not visible from here */
		$config['system']['alt_firmware_url'] = array(
			'enabled' => "",
			'firmware_base_url' => $config['system']['firmwareurl'],
			'firmware_filename' => $config['system']['firmwarename'],
		);
	}

	/* a lone URL or file name is discarded without conversion */
	unset($config['system']['firmwareurl'], $config['system']['firmwarename']);
}
/*
 * 016 -> 017: wipe the previous traffic shaper configuration and leave the
 * shaper disabled.
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_016_to_017() {
	global $config;

	/* wipe previous shaper configuration */
	unset($config['shaper']['queue'], $config['shaper']['rule']);

	foreach (array('wan', 'lan') as $ifname) {
		unset(
			$config['interfaces'][$ifname]['bandwidth'],
			$config['interfaces'][$ifname]['bandwidthtype']
		);
	}

	$config['shaper']['enable'] = false;
}
/*
 * 017 -> 018: fold proxy ARP entries and the CARP package configuration
 * into virtualip/vip, drop the server NAT section, and enable SSH for
 * configs at version "1.8".
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_017_to_018() {
	global $config;

	/* proxy ARP entries become virtual IPs of mode "proxyarp" */
	if (isset($config['proxyarp']) && is_array($config['proxyarp']['proxyarpnet'])) {
		foreach ($config['proxyarp']['proxyarpnet'] as $arpent) {
			$vip = array(
				'mode' => "proxyarp",
				'interface' => $arpent['interface'],
				'descr' => $arpent['descr'],
			);

			if (isset($arpent['range'])) {
				$vip['range'] = $arpent['range'];
				$vip['type'] = "range";
			} else {
				/* "address/bits" is a network, a bare address a single host */
				$parts = explode('/', $arpent['network']);
				$has_bits = isset($parts[1]);
				$vip['subnet'] = $parts[0];
				$vip['subnet_bits'] = $has_bits ? $parts[1] : "32";
				$vip['type'] = $has_bits ? "network" : "single";
			}

			$config['virtualip']['vip'][] = $vip;
		}
		unset($config['proxyarp']);
	}

	/* CARP package entries become virtual IPs of mode "carp" */
	if (isset($config['installedpackages']) &&
	    isset($config['installedpackages']['carp']) &&
	    is_array($config['installedpackages']['carp']['config'])) {
		foreach ($config['installedpackages']['carp']['config'] as $carpent) {
			/* the CARP password is carried over unchanged */
			$config['virtualip']['vip'][] = array(
				'mode' => "carp",
				'interface' => "AUTO",
				'descr' => "CARP vhid {$carpent['vhid']}",
				'type' => "single",
				'vhid' => $carpent['vhid'],
				'advskew' => $carpent['advskew'],
				'password' => $carpent['password'],
				'subnet' => $carpent['ipaddress'],
				'subnet_bits' => $carpent['netmask'],
			);
		}
		unset($config['installedpackages']['carp']);
	}

	/* Server NAT is no longer needed */
	unset($config['nat']['servernat']);

	/*
	 * enable SSH
	 * NOTE(review): configs at version "1.8" come out of this step with the
	 * SSH flag set regardless of the operator's earlier choice; worth
	 * checking after an upgrade that this exposure is intended.
	 */
	if ($config['version'] == "1.8")
		$config['system']['sshenabled'] = true;
}
/*
 * 018 -> 019: set the GUI theme to "metallic", replacing any previous value.
 */
function upgrade_018_to_019() {
	global $config;

	$theme = "metallic";
	$config['theme'] = $theme;
}
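/*
 * 019 -> 020: remove bogus IPsec <tunnel> entries, i.e. entries that have
 * neither a local-subnet nor a remote-subnet (remnant of bug #393).
 *
 * Operates on the global $config in place; returns nothing.
 *
 * Two defects of the earlier version are fixed here: the entry was unset
 * using the tunnel array itself as the key instead of its index, so nothing
 * was ever removed, and the each() iteration no longer exists in PHP 8.
 */
function upgrade_019_to_020() {
	global $config;

	if (!isset($config['ipsec']['tunnel']) || !is_array($config['ipsec']['tunnel']))
		return;

	/* iterate over a snapshot of the keys so entries can be unset safely */
	foreach (array_keys($config['ipsec']['tunnel']) as $index) {
		$tunnel = $config['ipsec']['tunnel'][$index];

		/* Sanity check on required variables */
		if (!isset($tunnel['local-subnet']) && !isset($tunnel['remote-subnet']))
			unset($config['ipsec']['tunnel'][$index]);
	}
}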
/*
 * 020 -> 021: the shaper scheduler type moves from the system section to
 * the shaper section. Nothing happens when it is not set.
 */
function upgrade_020_to_021() {
	global $config;

	if (!isset($config['system']['schedulertype']))
		return;

	/* shaper scheduler moved */
	$scheduler = $config['system']['schedulertype'];
	$config['shaper']['schedulertype'] = $scheduler;
	unset($config['system']['schedulertype']);
}
/*
 * 021 -> 022: copy the system-level gateway onto the WAN interface.
 * The system/gateway entry itself is left in place by this step.
 */
function upgrade_021_to_022() {
	global $config;

	/* move gateway to wan interface */
	$gateway = $config['system']['gateway'];
	$config['interfaces']['wan']['gateway'] = $gateway;
}
/*
 * 022 -> 023: discard the whole shaper section if one exists.
 */
function upgrade_022_to_023() {
	global $config;

	if (!isset($config['shaper']))
		return;

	/* wipe previous shaper configuration */
	unset($config['shaper']);
}
/*
 * 023 -> 024: empty step; the body makes no change to $config.
 */
function upgrade_023_to_024() {
	global $config;

	/* no migration work in this step */
}
/*
 * 024 -> 025: the use_rrd_gateway setting moves from the system section to
 * the WAN interface.
 */
function upgrade_024_to_025() {
	global $config;

	$rrd_gateway = $config['system']['use_rrd_gateway'];
	$config['interfaces']['wan']['use_rrd_gateway'] = $rrd_gateway;
	unset($config['system']['use_rrd_gateway']);
}
/*
 * 025 -> 026: append the stock cron jobs to cron/item.
 *
 * Every job is registered for user "root". Entries are appended without
 * checking for existing ones, so running this step twice duplicates them.
 * newsyslog and adjkerntz are started by bare name and therefore depend on
 * the search path of the cron environment.
 */
function upgrade_025_to_026() {
	global $config;

	$fields = array('minute', 'hour', 'mday', 'month', 'wday', 'who', 'command');

	/* one row per job, columns in the order of $fields */
	$jobs = array(
		array("0", "*", "*", "*", "*", "root", "/usr/bin/nice -n20 newsyslog"),
		array("1,31", "0-5", "*", "*", "*", "root", "/usr/bin/nice -n20 adjkerntz -a"),
		array("1", "*", "1", "*", "*", "root", "/usr/bin/nice -n20 /etc/rc.update_bogons.sh"),
		array("*/60", "*", "*", "*", "*", "root", "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout"),
		array("1", "1", "*", "*", "*", "root", "/usr/bin/nice -n20 /etc/rc.dyndns.update"),
		array("*/60", "*", "*", "*", "*", "root", "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot"),
		array("*/60", "*", "*", "*", "*", "root", "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c"),
	);

	foreach ($jobs as $job)
		$config['cron']['item'][] = array_combine($fields, $job);
}
/*
 * 026 -> 027: empty step; the body makes no change to $config.
 */
function upgrade_026_to_027() {
	global $config;

	/* no migration work in this step */
}
/*
 * 027 -> 028: empty step; the body makes no change to $config.
 */
function upgrade_027_to_028() {
	global $config;

	/* no migration work in this step */
}
/*
 * 028 -> 029: append a filter rule on interface "enc0" that passes traffic
 * from any source to any destination ("Permit IPsec traffic.").
 *
 * NOTE(review): the rule has no source or destination restriction, so after
 * this step everything matched on enc0 is allowed. Sites that want narrower
 * IPsec policy need to tighten or replace it after the upgrade.
 */
function upgrade_028_to_029() {
	global $config;

	$config['filter']['rule'][] = array(
		'interface' => "enc0",
		'type' => "pass",
		'source' => array('any' => true),
		'destination' => array('any' => true),
		'descr' => "Permit IPsec traffic.",
		'statetype' => "keep state",
	);
}
/*
 * 029 -> 030: switch the rrd 'enable' setting on, whatever it was before.
 */
function upgrade_029_to_030() {
	global $config;

	/* enable the rrd config setting by default */
	$enabled = true;
	$config['rrd']['enable'] = $enabled;
}
/*
 * 030 -> 031: placeholder step; the body makes no change to $config.
 */
function upgrade_030_to_031() {
	global $config;

	/* upgrade code for this step goes here */
}
/*
 * 031 -> 032: placeholder step; the body makes no change to $config.
 */
function upgrade_031_to_032() {
	global $config;

	/* upgrade code for this step goes here */
}
/*
 * 032 -> 033: placeholder step; the body makes no change to $config.
 */
function upgrade_032_to_033() {
	global $config;

	/* upgrade code for this step goes here */
}
/*
 * 033 -> 034: placeholder step; the body makes no change to $config.
 */
function upgrade_033_to_034() {
	global $config;

	/* upgrade code for this step goes here */
}
/*
 * 034 -> 035: placeholder step; the body makes no change to $config.
 */
function upgrade_034_to_035() {
	global $config;

	/* upgrade code for this step goes here */
}
/*
 * 035 -> 036: placeholder step; the body makes no change to $config.
 */
function upgrade_035_to_036() {
	global $config;

	/* upgrade code for this step goes here */
}
/*
 * 036 -> 037: placeholder step; the body makes no change to $config.
 */
function upgrade_036_to_037() {
	global $config;

	/* upgrade code for this step goes here */
}
/*
 * 037 -> 038: placeholder step; the body makes no change to $config.
 */
function upgrade_037_to_038() {
	global $config;

	/* upgrade code for this step goes here */
}
/*
 * 038 -> 039: placeholder step; the body makes no change to $config.
 */
function upgrade_038_to_039() {
	global $config;

	/* upgrade code for this step goes here */
}
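/*
 * 039 -> 040: switch the webGUI to session authentication with htpasswd
 * backing and turn the single system username/password into an "admins"
 * group plus one user record.
 *
 * The user record is created with uid "0" and the privileges lockwc,
 * lock-ipages, hasshell, copyfiles and isroot. The stored password value is
 * copied unchanged (presumably the hash written by an earlier step; verify
 * for configs that skipped it). When system/username is not set, only the
 * two webgui settings are written.
 *
 * Operates on the global $config in place and sets $_SESSION["Username"];
 * returns nothing.
 *
 * $g is now imported as a global: it was read below without being in scope,
 * so the product name was missing from the "copyfiles" description.
 */
function upgrade_039_to_040() {
	global $config, $g;

	$config['system']['webgui']['auth_method'] = "session";
	$config['system']['webgui']['backing_method'] = "htpasswd";

	if (!isset($config['system']['username']))
		return;

	$username = "{$config['system']['username']}";

	$config['system']['group'] = array(
		array(
			'name' => "admins",
			'description' => "System Administrators",
			'scope' => "system",
			'priv' => "page-all",
			'home' => "index.php",
			'gid' => "110",
		),
	);

	$config['system']['user'] = array(
		array(
			'name' => $username,
			'descr' => "System Administrator",
			'scope' => "system",
			'groupname' => "admins",
			'password' => "{$config['system']['password']}",
			'uid' => "0",
			'priv' => array(
				array(
					'id' => "lockwc",
					'name' => "Lock webConfigurator",
					'descr' => "Indicates whether this user will lock access to the webConfigurator for other users.",
				),
				array(
					'id' => "lock-ipages",
					'name' => "Lock individual pages",
					'descr' => "Indicates whether this user will lock individual HTML pages after having accessed a particular page (the lock will be freed if the user leaves or saves the page form).",
				),
				array(
					'id' => "hasshell",
					'name' => "Has shell access",
					'descr' => "Indicates whether this user is able to login for example via SSH.",
				),
				array(
					'id' => "copyfiles",
					'name' => "Is allowed to copy files",
					'descr' => "Indicates whether this user is allowed to copy files onto the {$g['product_name']} appliance via SCP/SFTP. If you are going to use this privilege, you must install scponly on the appliance (Hint: pkg_add -r scponly).",
				),
				array(
					'id' => "isroot",
					'name' => "Is root user",
					'descr' => "This user is associated with the UNIX root user (you should associate this privilege only with one single user).",
				),
			),
		),
	);

	/* Ensure that we follow what this new "admin" username should be in the session. */
	$_SESSION["Username"] = $username;

	$config['system']['nextuid'] = "111";
	$config['system']['nextgid'] = "111";

	/* wipe previous auth configuration */
	unset($config['system']['username'], $config['system']['password']);
}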
/*
 * 040 -> 041: seed sysctl/item with the stock list of tunables when the
 * config has no (or an empty) sysctl section. An existing non-empty section
 * is left untouched.
 *
 * Every entry is written with the value "default"; the description strings
 * are stored in the config as they stand here.
 */
function upgrade_040_to_041() {
	global $config;

	if ($config['sysctl'])
		return;

	/* tunable name => description, in the order the entries are numbered */
	$tunables = array(
		"net.inet.tcp.blackhole" => "Drop packets to closed TCP ports without returning a RST",
		"net.inet.udp.blackhole" => "Do not send ICMP port unreachable messages for closed UDP ports",
		"net.inet.ip.random_id" => "Randomize the ID field in IP packets (default is 0: sequential IP IDs)",
		"net.inet.tcp.drop_synfin" => "Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)",
		"net.inet.ip.redirect" => "Sending of IPv4 ICMP redirects",
		"net.inet6.ip6.redirect" => "Sending of IPv6 ICMP redirects",
		"net.inet.tcp.syncookies" => "Generate SYN cookies for outbound SYN-ACK packets",
		"net.inet.tcp.recvspace" => "Maximum incoming TCP datagram size",
		"net.inet.tcp.sendspace" => "Maximum outgoing TCP datagram size",
		"net.inet.ip.fastforwarding" => "Fastforwarding (see http://lists.freebsd.org/pipermail/freebsd-net/2004-January/002534.html)",
		"net.inet.tcp.delayed_ack" => "Do not delay ACK to try and piggyback it onto a data packet",
		"net.inet.udp.maxdgram" => "Maximum outgoing UDP datagram size",
		"net.link.bridge.pfil_onlyip" => "Handling of non-IP packets which are not passed to pfil (see if_bridge(4))",
		"net.link.tap.user_open" => "Allow unprivileged access to tap(4) device nodes",
		"kern.rndtest.verbose" => "Verbosity of the rndtest driver (0: do not display results on console)",
		"kern.randompid" => "Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())",
		"net.inet.tcp.inflight.enable" => "The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput. ",
		"net.inet.icmp.icmplim" => "Set ICMP Limits",
		"net.inet.tcp.tso" => "TCP Offload engine",
		"net.inet.ip.portrange.first" => "Set the ephemeral port range starting port",
		"hw.syscons.kbd_reboot" => "Enables ctrl+alt+delete",
		"kern.ipc.maxsockbuf" => "Maximum socket buffer size",
	);

	$config['sysctl']['item'] = array();
	foreach ($tunables as $tunable => $descr) {
		$config['sysctl']['item'][] = array(
			'tunable' => $tunable,
			'descr' => $descr,
			'value' => "default",
		);
	}
}
/*
 * 041 -> 042: drop the shaper and ezshaper sections, if present.
 */
function upgrade_041_to_042() {
	global $config;

	foreach (array('shaper', 'ezshaper') as $section) {
		if (isset($config[$section]))
			unset($config[$section]);
	}
}
/*
 * 042 -> 043: migrate per-interface gateways to the new gateways section.
 *
 * For every configured interface that has a gateway (as reported by
 * interface_has_gateway()) a gateway_item named GW_<IFNAME> is created, the
 * interface is pointed at that name, filter rules using the same gateway
 * address are rewritten to the name, and an existing quality RRD file is
 * renamed to match.
 *
 * Operates on the global $config in place and renames files below
 * /var/db/rrd; returns nothing.
 */
function upgrade_042_to_043() {
	global $config;

	/* migrate old interface gateway to the new gateways config */
	$iflist = get_configured_interface_list(false, true);
	$i = 0;
	foreach ($iflist as $ifname => $interface) {
		if (!interface_has_gateway($ifname))
			continue;

		$gwname = "GW_" . strtoupper($ifname);

		$config['gateways']['gateway_item'][$i] = array();
		$item = &$config['gateways']['gateway_item'][$i];

		/* anything that is not an IP address is recorded as "dynamic" */
		$is_static = is_ipaddr($config['interfaces'][$ifname]['gateway']);
		if ($is_static) {
			$item['gateway'] = $config['interfaces'][$ifname]['gateway'];
			$item['descr'] = "Interface $ifname Static Gateway";
		} else {
			$item['gateway'] = "dynamic";
			$item['descr'] = "Interface $ifname Dynamic Gateway";
		}
		$item['interface'] = $ifname;
		$item['name'] = $gwname;

		/* add default gateway bit for wan on upgrade */
		if ($ifname == "wan")
			$item['defaultgw'] = true;

		if (is_ipaddr($config['interfaces'][$ifname]['use_rrd_gateway'])) {
			$item['monitor'] = $config['interfaces'][$ifname]['use_rrd_gateway'];
			unset($config['interfaces'][$ifname]['use_rrd_gateway']);
		}
		$config['interfaces'][$ifname]['gateway'] = $item['name'];

		/*
		 * Update all filter rules which might reference this gateway
		 * $j is a running position, not the rule's key, so this relies on
		 * the rule list being indexed 0..n-1.
		 * NOTE(review): the comparison with $ifname only runs for values
		 * that passed is_ipaddr(); if that helper accepts address literals
		 * only, rules that name the gateway by interface are never
		 * rewritten here - confirm against is_ipaddr().
		 */
		$j = 0;
		foreach ($config['filter']['rule'] as $rule) {
			if (is_ipaddr($rule['gateway'])) {
				if ($rule['gateway'] == $item['gateway'] || $rule['gateway'] == $ifname)
					$config['filter']['rule'][$j]['gateway'] = $item['name'];
			}
			$j++;
		}

		/* rename old Quality RRD files in the process */
		$rrddbpath = "/var/db/rrd";
		$oldrrd = "{$rrddbpath}/{$ifname}-quality.rrd";
		if (is_readable($oldrrd))
			rename($oldrrd, "{$rrddbpath}/{$gwname}-quality.rrd");

		unset($item);
		$i++;
	}
}
/*
 * 043 -> 044: make static routes refer to gateways by name.
 *
 * A route whose gateway address matches an entry returned by
 * return_gateways_array() takes that entry's name. Otherwise a new
 * gateway_item named SROUTE<n> is created for the address; routes sharing
 * an address reuse the name created for the first of them.
 *
 * Operates on the global $config in place; returns nothing.
 */
function upgrade_043_to_044() {
	global $config;

	/* migrate static routes to the new gateways config */
	$gateways = return_gateways_array(true);
	$i = 0;
	if (!is_array($config['staticroutes']['route']))
		return;

	/* gateway address => SROUTE name created earlier in this run */
	$gwmap = array();
	foreach ($config['staticroutes']['route'] as $idx => $sroute) {
		$found = false;
		foreach ($gateways as $gwname => $gw) {
			if ($gw['gateway'] != $sroute['gateway'])
				continue;
			$config['staticroutes']['route'][$idx]['gateway'] = $gwname;
			$found = true;
			break;
		}

		/* a name created in this run wins over a match found above */
		if ($gwmap[$sroute['gateway']]) {
			/* We already added a gateway name for this IP */
			$config['staticroutes']['route'][$idx]['gateway'] = "{$gwmap[$sroute['gateway']]}";
			$found = true;
		}

		if ($found)
			continue;

		$name = "SROUTE{$i}";
		$gwmap[$sroute['gateway']] = $name;

		if (!is_array($config['gateways']['gateway_item']))
			$config['gateways']['gateway_item'] = array();
		$config['gateways']['gateway_item'][] = array(
			'name' => $name,
			'gateway' => $sroute['gateway'],
			'interface' => $sroute['interface'],
			'descr' => "Upgraded static route for {$sroute['network']}",
		);

		$config['staticroutes']['route'][$idx]['gateway'] = $name;
		$i++;
	}
}
/*
 * Rename VLAN interfaces from the positional "vlanN" form to
 * "<parent>_vlan<tag>".
 *
 * Every assigned interface whose 'if' equals the old positional name is
 * pointed at the new name, and the new name is recorded in the VLAN entry
 * as 'vlanif'. N is the entry's position in the list, not its array key.
 */
function upgrade_044_to_045() {
	global $config;

	$assigned = get_configured_interface_list(false, true);
	if (!is_array($config['vlans']['vlan']) || !count($config['vlans']['vlan']))
		return;

	$pos = 0;
	foreach ($config['vlans']['vlan'] as $vlan) {
		$old_name = "vlan{$pos}";
		/* Make sure to update the interfaces section with the right name */
		$new_name = "{$vlan['if']}_vlan{$vlan['tag']}";
		foreach ($assigned as $ifname) {
			if ($config['interfaces'][$ifname]['if'] == $old_name)
				$config['interfaces'][$ifname]['if'] = $new_name;
		}
		$config['vlans']['vlan'][$pos]['vlanif'] = $new_name;
		$pos++;
	}
}
/*
 * Upgrade the load balancer configuration from slb to relayd.
 *
 * Each virtual server with a 'sitedown' address gets a dedicated
 * "<name>-sitedown" server pool, which inherits port and monitor from the
 * virtual server's primary pool; 'sitedown' then holds the pool name. An
 * empty load_balancer section is dropped, and the _relayd group and user
 * (id 913) are created through pw(8).
 *
 * Both mwexec() command lines are fixed strings; no configuration value is
 * interpolated into them.
 */
function upgrade_045_to_046() {
	global $config;

	$has_vs = is_array($config['load_balancer']['virtual_server'])
	    && count($config['load_balancer']['virtual_server']);

	if ($has_vs) {
		$vservers = &$config['load_balancer']['virtual_server'];
		$lbpools = &$config['load_balancer']['lbpool'];

		/* Index pools by name */
		$by_name = array();
		if (is_array($lbpools)) {
			$n = 0;
			while (isset($lbpools[$n])) {
				if ($lbpools[$n]['type'] == "server")
					$by_name[$lbpools[$n]['name']] = $lbpools[$n];
				$n++;
			}
		}

		/* Convert sitedown entries to pools and re-attach */
		$n = 0;
		while (isset($vservers[$n])) {
			if (isset($vservers[$n]['sitedown'])) {
				$vsname = $vservers[$n]['name'];
				$parent = $by_name[$vservers[$n]['pool']];
				$fallback = array(
					'type' => 'server',
					'behaviour' => 'balance',
					'name' => "{$vsname}-sitedown",
					'descr' => "Sitedown pool for VS: {$vsname}",
					'port' => $parent['port'],
					'servers' => array($vservers[$n]['sitedown']),
					'monitor' => $parent['monitor'],
				);
				$lbpools[] = $fallback;
				$vservers[$n]['sitedown'] = $fallback['name'];
			}
			$n++;
		}
	}

	if (count($config['load_balancer']) == 0)
		unset($config['load_balancer']);

	mwexec('/usr/sbin/pw groupadd -n _relayd -g 913');
	mwexec('/usr/sbin/pw useradd -n _relayd -c "Relay Daemon" -d /var/empty -s /usr/sbin/nologin -u 913 -g 913');
}
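/*
 * Upgrade IPsec from the legacy "tunnel" / "mobileclients" sections to the
 * phase1/phase2 layout.
 *
 * Site-to-site: every tunnel yields one phase2 entry. Enabled tunnels to the
 * same remote gateway share one phase1 entry (same ikeid); a disabled tunnel
 * always gets a phase1 of its own.
 * Mobile clients: one phase1 and one phase2 entry flagged 'mobile'.
 *
 * Changes compared with the previous implementation:
 *  - an unrecognised cipher name no longer inherits the cipher converted for
 *    the previous tunnel; phase1 gets a null 'encryption-algorithm' and
 *    phase2 skips the entry, so the problem is visible after the upgrade
 *    rather than silently changing the proposal;
 *  - the 'disabled' flag of a tunnel is written to its phase2 entry (it was
 *    assigned to a phase1 copy that had already been stored, so it was lost);
 *  - only enabled phase1 entries are re-used, as the original comment stated;
 *  - $ikeid is initialised even when there is no tunnel section.
 *
 * Pre-shared keys, certificates and private keys are copied verbatim.
 * Legacy ciphers such as single DES are carried over unchanged, so the
 * resulting proposals should be reviewed after the upgrade.
 */
function upgrade_046_to_047() {
	global $config;

	/* the mobile-client block increments this even without a tunnel section */
	$ikeid = 0;

	/* Upgrade IPsec from tunnel to phase1/phase2 */
	if (isset($config['ipsec']['tunnel']) && is_array($config['ipsec']['tunnel'])) {

		$a_phase1 = array();
		$a_phase2 = array();

		foreach ($config['ipsec']['tunnel'] as $tunnel) {

			$ph1ent = null;

			/*
			 * attempt to locate an enabled phase1
			 * entry that matches the peer gateway
			 */
			if (!isset($tunnel['disabled'])) {
				foreach ($a_phase1 as $ph1tmp) {
					if (isset($ph1tmp['disabled']))
						continue;
					if ($ph1tmp['remote-gateway'] == $tunnel['remote-gateway']) {
						$ph1ent = $ph1tmp;
						break;
					}
				}
			}

			/* none found, create a new one */
			if ($ph1ent === null) {
				$ph1ent = array();
				$ph1ent['ikeid'] = ++$ikeid;

				if (isset($tunnel['disabled']))
					$ph1ent['disabled'] = $tunnel['disabled'];

				/* convert to the new vip[$vhid] name */
				if (preg_match("/^carp/", $tunnel['interface'])) {
					$carpid = str_replace("carp", "", $tunnel['interface']);
					$tunnel['interface'] = "vip" . $config['virtualip']['vip'][$carpid]['vhid'];
				}
				$ph1ent['interface'] = $tunnel['interface'];
				$ph1ent['remote-gateway'] = $tunnel['remote-gateway'];
				$ph1ent['descr'] = $tunnel['descr'];
				$ph1ent['mode'] = $tunnel['p1']['mode'];

				$ph1ent = array_merge($ph1ent, _upgrade_046_to_047_myident($tunnel['p1']));
				$ph1ent['peerid_type'] = "peeraddress";
				$ph1ent = array_merge($ph1ent, _upgrade_046_to_047_p1_crypto(
				    $tunnel['p1'],
				    array('pre-shared-key', 'cert', 'peercert', 'private-key')));

				$a_phase1[] = $ph1ent;
			}

			/* build new phase2 entry */
			$ph2ent = array();
			$ph2ent['ikeid'] = $ph1ent['ikeid'];

			if (isset($tunnel['disabled']))
				$ph2ent['disabled'] = $tunnel['disabled'];

			$ph2ent['descr'] = "phase2 for ".$tunnel['descr'];

			/* reset per tunnel so nothing leaks from the previous iteration */
			$type = "lan";
			$address = null;
			$netbits = null;
			if (!empty($tunnel['local-subnet']['network']))
				$type = $tunnel['local-subnet']['network'];
			if (!empty($tunnel['local-subnet']['address'])) {
				list($address, $netbits) = _upgrade_046_to_047_split_subnet($tunnel['local-subnet']['address']);
				$type = is_null($netbits) ? "address" : "network";
			}

			switch ($type) {
				case "address":
					$ph2ent['localid'] = array('type' => $type,'address' => $address);
					break;
				case "network":
					$ph2ent['localid'] = array('type' => $type,'address' => $address,'netbits' => $netbits);
					break;
				default:
					$ph2ent['localid'] = array('type' => $type);
					break;
			}

			list($address, $netbits) = _upgrade_046_to_047_split_subnet($tunnel['remote-subnet']);
			$ph2ent['remoteid'] = array('type' => 'network','address' => $address,'netbits' => $netbits);

			$ph2ent['protocol'] = $tunnel['p2']['protocol'];

			$ph2algs = _upgrade_046_to_047_p2_algs($tunnel['p2']['encryption-algorithm-option']);
			if (count($ph2algs))
				$ph2ent['encryption-algorithm-option'] = $ph2algs;

			$ph2ent['hash-algorithm-option'] = $tunnel['p2']['hash-algorithm-option'];
			$ph2ent['pfsgroup'] = $tunnel['p2']['pfsgroup'];
			$ph2ent['lifetime'] = $tunnel['p2']['lifetime'];

			/*
			 * NOTE(review): the guard tests a nested 'pinghost' key but the
			 * parent value is copied; confirm which shape the old config used.
			 */
			if (isset($tunnel['pinghost']['pinghost']))
				$ph2ent['pinghost'] = $tunnel['pinghost'];

			$a_phase2[] = $ph2ent;
		}

		unset($config['ipsec']['tunnel']);
		$config['ipsec']['phase1'] = $a_phase1;
		$config['ipsec']['phase2'] = $a_phase2;
	}

	/* Upgrade Mobile IPsec */
	if (isset($config['ipsec']['mobileclients'])
	    && is_array($config['ipsec']['mobileclients'])
	    && isset($config['ipsec']['mobileclients']['p1'])
	    && is_array($config['ipsec']['mobileclients']['p1'])
	    && isset($config['ipsec']['mobileclients']['p2'])
	    && is_array($config['ipsec']['mobileclients']['p2'])) {

		if (isset($config['ipsec']['mobileclients']['enable'])) {
			$config['ipsec']['client']['enable'] = true;
			$config['ipsec']['client']['user_source'] = 'system';
			$config['ipsec']['client']['group_source'] = 'system';
		}

		$mobilecfg = $config['ipsec']['mobileclients'];

		$ph1ent = array();
		$ph1ent['ikeid'] = ++$ikeid;

		if (!isset($mobilecfg['enable']))
			$ph1ent['disabled'] = true;

		/* Assume WAN since mobile tunnels couldn't be on a separate interface on 1.2.x */
		$ph1ent['interface'] = 'wan';
		$ph1ent['descr'] = "Mobile Clients (upgraded)";
		$ph1ent['mode'] = $mobilecfg['p1']['mode'];

		$ph1ent = array_merge($ph1ent, _upgrade_046_to_047_myident($mobilecfg['p1']));
		$ph1ent['peerid_type'] = "fqdn";
		$ph1ent['peerid_data'] = "";
		/* the mobile section carries no pre-shared key of its own */
		$ph1ent = array_merge($ph1ent, _upgrade_046_to_047_p1_crypto(
		    $mobilecfg['p1'],
		    array('cert', 'peercert', 'private-key')));
		$ph1ent['mobile'] = true;

		$ph2ent = array();
		$ph2ent['ikeid'] = $ph1ent['ikeid'];
		$ph2ent['descr'] = "phase2 for ".(isset($mobilecfg['descr']) ? $mobilecfg['descr'] : "");
		$ph2ent['localid'] = array('type' => 'none');
		$ph2ent['remoteid'] = array('type' => 'mobile');
		$ph2ent['protocol'] = $mobilecfg['p2']['protocol'];

		$ph2algs = _upgrade_046_to_047_p2_algs($mobilecfg['p2']['encryption-algorithm-option']);
		if (count($ph2algs))
			$ph2ent['encryption-algorithm-option'] = $ph2algs;

		$ph2ent['hash-algorithm-option'] = $mobilecfg['p2']['hash-algorithm-option'];
		$ph2ent['pfsgroup'] = $mobilecfg['p2']['pfsgroup'];
		$ph2ent['lifetime'] = $mobilecfg['p2']['lifetime'];
		$ph2ent['mobile'] = true;

		$config['ipsec']['phase1'][] = $ph1ent;
		$config['ipsec']['phase2'][] = $ph2ent;
		unset($config['ipsec']['mobileclients']);
	}
}

/*
 * Map the legacy p1 'myident' block to myid_type / myid_data.
 * The checks run in the original order, so when several identifiers are
 * present the last one in the list wins. 'myaddress' carries no data.
 */
function _upgrade_046_to_047_myident($p1) {
	$id = array();
	if (!isset($p1['myident']) || !is_array($p1['myident']))
		return $id;
	$myident = $p1['myident'];

	if (isset($myident['myaddress']))
		$id['myid_type'] = "myaddress";

	/* old key => new myid_type */
	$typemap = array(
		'address' => "address",
		'fqdn' => "fqdn",
		'ufqdn' => "user_fqdn",
		'asn1dn' => "asn1dn",
		'dyn_dns' => "dyn_dns",
	);
	foreach ($typemap as $oldkey => $newtype) {
		if (isset($myident[$oldkey])) {
			$id['myid_type'] = $newtype;
			$id['myid_data'] = $myident[$oldkey];
		}
	}
	return $id;
}

/*
 * Translate a legacy phase1 cipher name. Returns null for a name that is
 * not in the table so the caller never re-uses a stale value.
 */
function _upgrade_046_to_047_p1_alg($name) {
	switch ($name) {
		case "des":
			return array( 'name' => 'des' );
		case "3des":
			return array( 'name' => '3des' );
		case "blowfish":
			return array( 'name' => 'blowfish', 'keylen' => '128' );
		case "cast128":
			return array( 'name' => 'cast128' );
		case "rijndael":
			return array( 'name' => 'aes', 'keylen' => '128' );
		case "rijndael 256":
		case "aes 256":
			return array( 'name' => 'aes', 'keylen' => '256' );
	}
	return null;
}

/*
 * Build the phase1 keys that follow the identity section: cipher, hash,
 * DH group, lifetime, authentication method, the credentials named in
 * $credkeys (copied only when present) and the NAT-T / DPD defaults.
 */
function _upgrade_046_to_047_p1_crypto($p1, $credkeys) {
	$out = array();
	$out['encryption-algorithm'] = _upgrade_046_to_047_p1_alg($p1['encryption-algorithm']);
	$out['hash-algorithm'] = $p1['hash-algorithm'];
	$out['dhgroup'] = $p1['dhgroup'];
	$out['lifetime'] = $p1['lifetime'];
	$out['authentication_method'] = $p1['authentication_method'];

	foreach ($credkeys as $key) {
		if (isset($p1[$key]))
			$out[$key] = $p1[$key];
	}

	$out['nat_traversal'] = "on";
	$out['dpd_enable'] = 1;
	$out['dpd_delay'] = 10;
	$out['dpd_maxfail'] = 5;
	return $out;
}

/*
 * Translate the legacy phase2 cipher list. All AES spellings collapse into
 * a single 'aes' entry with automatic key length; names that are not in
 * the table are skipped.
 */
function _upgrade_046_to_047_p2_algs($options) {
	$algs = array();
	if (!is_array($options))
		return $algs;

	$have_aes = false;
	foreach ($options as $tunalg) {
		switch ($tunalg) {
			case "des":
				$algs[] = array( 'name' => 'des' );
				break;
			case "3des":
				$algs[] = array( 'name' => '3des' );
				break;
			case "blowfish":
				$algs[] = array( 'name' => 'blowfish', 'keylen' => 'auto' );
				break;
			case "cast128":
				$algs[] = array( 'name' => 'cast128' );
				break;
			case "rijndael":
			case "rijndael 256":
			case "aes 256":
				if (!$have_aes) {
					$algs[] = array( 'name' => 'aes', 'keylen' => 'auto' );
					$have_aes = true;
				}
				break;
		}
	}
	return $algs;
}

/*
 * Split "address/bits" into array(address, bits); bits is null when the
 * string holds no slash.
 */
function _upgrade_046_to_047_split_subnet($subnet) {
	$parts = explode("/", $subnet);
	return array($parts[0], isset($parts[1]) ? $parts[1] : null);
}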
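/*
 * Move the single-instance dyndns, dnsupdate, pppoe and pptp sections to
 * their new locations.
 *
 *  - dyndns[0]    -> dyndnses/dyndns[] (bound to wan)
 *  - dnsupdate[0] -> dnsupdates/dnsupdate[] (ttl defaults to 60, keytype to
 *                    "zone", bound to wan)
 *  - pppoe[0], pptp -> fields on interfaces/wan; when both exist the pptp
 *                    values for provider, ondemand and timeout win because
 *                    they are written last
 *
 * Usernames and passwords are copied verbatim.
 *
 * Fix: 'ondemand' used to be computed as isset() of a value that had just
 * been assigned a boolean, which is always true, so dial-on-demand was
 * switched on for every upgraded PPPoE/PPTP WAN. It is now set only when
 * the old section had the flag.
 */
function upgrade_047_to_048() {
	global $config;

	if (!empty($config['dyndns'])) {
		$config['dyndnses'] = array();
		$config['dyndnses']['dyndns'] = array();
		if (isset($config['dyndns'][0]['host'])) {
			$old = $config['dyndns'][0];
			$tempdyn = array();
			$tempdyn['enable'] = isset($old['enable']);
			$tempdyn['type'] = $old['type'];
			$tempdyn['wildcard'] = isset($old['wildcard']);
			$tempdyn['username'] = $old['username'];
			$tempdyn['password'] = $old['password'];
			$tempdyn['host'] = $old['host'];
			$tempdyn['mx'] = $old['mx'];
			$tempdyn['interface'] = "wan";
			$tempdyn['descr'] = "Upgraded Dyndns {$tempdyn['type']}";
			$config['dyndnses']['dyndns'][] = $tempdyn;
		}
		unset($config['dyndns']);
	}

	if (!empty($config['dnsupdate'])) {
		$pconfig = array();
		if (isset($config['dnsupdate'][0]) && is_array($config['dnsupdate'][0]))
			$pconfig = $config['dnsupdate'][0];
		if (empty($pconfig['ttl']))
			$pconfig['ttl'] = 60;
		if (empty($pconfig['keytype']))
			$pconfig['keytype'] = "zone";
		$pconfig['interface'] = "wan";
		$config['dnsupdates']['dnsupdate'][] = $pconfig;
		unset($config['dnsupdate']);
	}

	if (isset($config['pppoe']) && is_array($config['pppoe'])
	    && isset($config['pppoe'][0]) && is_array($config['pppoe'][0])) {
		$old = $config['pppoe'][0];
		unset($config['pppoe']);
		$config['interfaces']['wan']['pppoe_username'] = $old['username'];
		$config['interfaces']['wan']['pppoe_password'] = $old['password'];
		$config['interfaces']['wan']['provider'] = $old['provider'];
		/*
		 * Key present only when enabled; presumably consumers test this
		 * flag with isset(), which is also true for a stored false.
		 */
		if (isset($old['ondemand']))
			$config['interfaces']['wan']['ondemand'] = true;
		else
			unset($config['interfaces']['wan']['ondemand']);
		$config['interfaces']['wan']['timeout'] = $old['timeout'];
	}

	if (isset($config['pptp']) && is_array($config['pptp'])) {
		$old = $config['pptp'];
		unset($config['pptp']);
		$config['interfaces']['wan']['pptp_username'] = $old['username'];
		$config['interfaces']['wan']['pptp_password'] = $old['password'];
		$config['interfaces']['wan']['provider'] = $old['provider'];
		if (isset($old['ondemand']))
			$config['interfaces']['wan']['ondemand'] = true;
		else
			unset($config['interfaces']['wan']['ondemand']);
		$config['interfaces']['wan']['timeout'] = $old['timeout'];
	}
}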
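/*
 * Rebuild uid/gid assignments and group membership, and add the "all"
 * system group.
 *
 *  - every user except uid 0 is renumbered from 2000 upwards;
 *  - the admin group ($g['admin_group']) gets gid 1999, every other group
 *    is renumbered from 2000 upwards and has its scope set to "user";
 *  - group 'member' lists are rebuilt from each user's comma-separated
 *    'groupname', which is then removed from the user;
 *  - a system-scope group "all" (gid 1998) holding every uid is appended.
 *
 * Fix: $g was not declared global, so $g['admin_group'] was always null.
 * The admin group therefore never received gid 1999 and had its scope
 * reset to "user" like any other group.
 *
 * Group names are now matched exactly (strict in_array), so numeric-looking
 * names such as "1" and "01" are no longer treated as the same group.
 */
function upgrade_048_to_049() {
	global $config, $g;

	$admin_group = isset($g['admin_group']) ? $g['admin_group'] : null;

	/* setup new all users group */
	$all = array();
	$all['name'] = "all";
	$all['description'] = "All Users";
	$all['scope'] = "system";
	$all['gid'] = 1998;
	$all['member'] = array();

	if (!isset($config['system']['group']) || !is_array($config['system']['group']))
		$config['system']['group'] = array();
	if (!isset($config['system']['user']) || !is_array($config['system']['user']))
		$config['system']['user'] = array();

	/* work around broken uid assignments */
	$config['system']['nextuid'] = 2000;
	foreach ($config['system']['user'] as &$user) {
		/* a uid that is set and zero is the admin account: keep it */
		if (isset($user['uid']) && !$user['uid'])
			continue;
		$user['uid'] = $config['system']['nextuid']++;
	}
	/* drop the reference so later loops cannot write through it */
	unset($user);

	/* work around broken gid assignments */
	$config['system']['nextgid'] = 2000;
	foreach ($config['system']['group'] as &$group) {
		if ($admin_group !== null && $group['name'] == $admin_group)
			$group['gid'] = 1999;
		else
			$group['gid'] = $config['system']['nextgid']++;
	}
	unset($group);

	/* build group membership information */
	foreach ($config['system']['group'] as &$group) {
		$group['member'] = array();
		foreach ($config['system']['user'] as $member) {
			$groupnames = isset($member['groupname']) ? explode(",", $member['groupname']) : array();
			if (in_array((string)$group['name'], $groupnames, true))
				$group['member'][] = $member['uid'];
		}
	}
	unset($group);

	/* reset user group information */
	foreach ($config['system']['user'] as &$user) {
		unset($user['groupname']);
		$all['member'][] = $user['uid'];
	}
	unset($user);

	/* reset group scope information */
	foreach ($config['system']['group'] as &$group) {
		if ($admin_group === null || $group['name'] != $admin_group)
			$group['scope'] = "user";
	}
	unset($group);

	/* insert new all group */
	$config['system']['group'] = array_merge($config['system']['group'], array($all));
}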
/*
 * Convert user and group privileges to the new privilege names, then
 * resynchronise the local accounts.
 *
 * Users: only the legacy ids "hasshell" and "copyfiles" are translated;
 * any other legacy entry is dropped, and a non-array 'priv' is removed.
 * Groups: each entry of 'pages' is passed through map_page_privname() and
 * kept when that returns a truthy name; 'pages' itself is removed.
 */
function upgrade_049_to_050() {
	global $config;

	/* update user privileges */
	foreach ($config['system']['user'] as &$account) {
		if (is_array($account['priv'])) {
			$converted = array();
			foreach ($account['priv'] as $legacy) {
				if ($legacy['id'] == "hasshell")
					$converted[] = "user-shell-access";
				else if ($legacy['id'] == "copyfiles")
					$converted[] = "user-copy-files";
			}
			$account['priv'] = $converted;
		} else {
			unset($account['priv']);
		}
	}

	/* update group privileges */
	foreach ($config['system']['group'] as &$grp) {
		if (is_array($grp['pages'])) {
			$converted = array();
			foreach ($grp['pages'] as $page) {
				$privname = map_page_privname($page);
				if ($privname)
					$converted[] = $privname;
			}
			unset($grp['pages']);
			$grp['priv'] = $converted;
		} else {
			unset($grp['pages']);
		}
	}

	/* sync all local account information */
	local_sync_accounts();
}
/*
 * Add the bridge packet-filter sysctl tunables and convert per-interface
 * 'bridge' settings into entries under bridges/bridged.
 *
 * The tunables are added with filtering enabled on member interfaces
 * (pfil_member = 1) and disabled on the bridge interface itself
 * (pfil_bridge = 0). The old top-level 'bridge' section is removed.
 * Each interface with a non-empty 'bridge' value becomes one bridgeN entry
 * whose members are the interface and its bridge partner.
 */
function upgrade_050_to_051() {
	global $config;

	$config['sysctl']['item'][] = array(
		'descr' => "Set to 0 to disable filtering on the incoming and outgoing member interfaces.",
		'tunable' => "net.link.bridge.pfil_member",
		'value' => "1",
	);
	$config['sysctl']['item'][] = array(
		'descr' => "Set to 1 to enable filtering on the bridge interface",
		'tunable' => "net.link.bridge.pfil_bridge",
		'value' => "0",
	);

	unset($config['bridge']);

	/* first pass: is there anything to convert at all? */
	$has_bridge = false;
	foreach ($config['interfaces'] as $candidate) {
		if (isset($candidate['bridge']) && $candidate['bridge'] != "") {
			$has_bridge = true;
			break;
		}
	}
	if (!$has_bridge)
		return;

	/* second pass: build one bridge per bridged interface */
	$config['bridges'] = array('bridged' => array());
	$n = 0;
	foreach ($config['interfaces'] as $ifr => &$intf) {
		if (!isset($intf['bridge']) || $intf['bridge'] == "")
			continue;
		$config['bridges']['bridged'][] = array(
			'members' => "{$ifr},{$intf['bridge']}",
			'descr' => "Converted bridged {$ifr}",
			'bridgeif' => "bridge{$n}",
		);
		unset($intf['bridge']);
		$n++;
	}
}
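/*
 * Move the OpenVPN package configuration (server, client and
 * client-specific overrides) into the base 'openvpn' section.
 *
 * For PKI instances the CA, certificate, private key and (server only) CRL
 * are moved into the shared ca / cert / crl lists and replaced by refid
 * references. Key material is copied verbatim.
 *
 * Security-relevant results an operator should review after the upgrade:
 *  - every server gets dh_length 1024 and its old dh_params are discarded;
 *  - when at least one server or client exists, a "pass any to any" rule
 *    is appended on the "openvpn" interface.
 *
 * Fixes compared with the previous implementation:
 *  - the interface bound to "dev tunN" is taken from the option that named
 *    it; it used to be taken from whichever custom option came last, so the
 *    interface rename normally never matched;
 *  - the "local <addr>" address no longer loses its first character;
 *  - the client proxy host is migrated (see the note at that line);
 *  - the final rule check no longer calls count() on a missing key.
 */
function upgrade_051_to_052() {
	global $config;

	$config['openvpn'] = array();
	if (!isset($config['ca']) || !is_array($config['ca']))
		$config['ca'] = array();
	if (!isset($config['cert']) || !is_array($config['cert']))
		$config['cert'] = array();

	$vpnid = 1;

	/* openvpn server configurations */
	if (isset($config['installedpackages']['openvpnserver'])
	    && is_array($config['installedpackages']['openvpnserver'])) {
		$config['openvpn']['openvpn-server'] = array();

		$servers = array();
		if (isset($config['installedpackages']['openvpnserver']['config'])
		    && is_array($config['installedpackages']['openvpnserver']['config']))
			$servers = $config['installedpackages']['openvpnserver']['config'];

		$index = 1;
		foreach ($servers as $server) {

			if (!is_array($server))
				continue;

			$is_pki = isset($server['auth_method']) && $server['auth_method'] == "pki";

			if ($is_pki) {

				/* create ca entry */
				$ca = array();
				$ca['refid'] = uniqid();
				$ca['descr'] = "OpenVPN Server CA #{$index}";
				$ca['crt'] = $server['ca_cert'];
				$config['ca'][] = $ca;

				/* create ca reference */
				unset($server['ca_cert']);
				$server['caref'] = $ca['refid'];

				/* create a crl entry if needed */
				if (!empty($server['crl'][0])) {
					$crl = array();
					$crl['refid'] = uniqid();
					$crl['descr'] = "Imported OpenVPN CRL #{$index}";
					$crl['caref'] = $ca['refid'];
					$crl['text'] = $server['crl'][0];
					if (!isset($config['crl']) || !is_array($config['crl']))
						$config['crl'] = array();
					$config['crl'][] = $crl;
					$server['crlref'] = $crl['refid'];
				}
				unset($server['crl']);

				/* create cert entry */
				$cert = array();
				$cert['refid'] = uniqid();
				$cert['descr'] = "OpenVPN Server Certificate #{$index}";
				$cert['crt'] = $server['server_cert'];
				$cert['prv'] = $server['server_key'];
				$config['cert'][] = $cert;

				/* create cert reference */
				unset($server['server_cert']);
				unset($server['server_key']);
				$server['certref'] = $cert['refid'];

				$index++;
			}

			/* determine operational mode */
			if ($is_pki)
				$server['mode'] = empty($server['nopool']) ? "server_tls" : "p2p_tls";
			else
				$server['mode'] = "p2p_shared_key";
			unset($server['auth_method']);

			/* modify configuration values */
			/*
			 * NOTE(review): 1024-bit DH is hardcoded here and the imported
			 * parameters are dropped; raise the length after the upgrade.
			 */
			$server['dh_length'] = 1024;
			unset($server['dh_params']);
			if (empty($server['interface']))
				$server['interface'] = 'wan';
			_upgrade_051_to_052_rename($server, 'addresspool', 'tunnel_network');
			if (isset($server['use_lzo'])) {
				$server['compression'] = "on";
				unset($server['use_lzo']);
			}
			$server['pool_enable'] = empty($server['nopool']) ? "yes" : false;
			unset($server['nopool']);
			_upgrade_051_to_052_dhcp_options($server);
			_upgrade_051_to_052_disable_flag($server);

			/* allocate vpnid */
			$server['vpnid'] = $vpnid++;

			_upgrade_051_to_052_custom_options($server, "ovpns");

			$config['openvpn']['openvpn-server'][] = $server;
		}
		unset($config['installedpackages']['openvpnserver']);
	}

	/* openvpn client configurations */
	if (isset($config['installedpackages']['openvpnclient'])
	    && is_array($config['installedpackages']['openvpnclient'])) {
		$config['openvpn']['openvpn-client'] = array();

		$clients = array();
		if (isset($config['installedpackages']['openvpnclient']['config'])
		    && is_array($config['installedpackages']['openvpnclient']['config']))
			$clients = $config['installedpackages']['openvpnclient']['config'];

		$index = 1;
		foreach ($clients as $client) {

			if (!is_array($client))
				continue;

			$is_pki = isset($client['auth_method']) && $client['auth_method'] == "pki";

			if ($is_pki) {

				/* create ca entry; the client CRL is stored on the CA itself */
				$ca = array();
				$ca['refid'] = uniqid();
				$ca['descr'] = "OpenVPN Client CA #{$index}";
				$ca['crt'] = $client['ca_cert'];
				$ca['crl'] = isset($client['crl']) ? $client['crl'] : null;
				$config['ca'][] = $ca;

				/* create ca reference */
				unset($client['ca_cert']);
				unset($client['crl']);
				$client['caref'] = $ca['refid'];

				/* create cert entry */
				$cert = array();
				$cert['refid'] = uniqid();
				$cert['descr'] = "OpenVPN Client Certificate #{$index}";
				$cert['crt'] = $client['client_cert'];
				$cert['prv'] = $client['client_key'];
				$config['cert'][] = $cert;

				/* create cert reference */
				unset($client['client_cert']);
				unset($client['client_key']);
				$client['certref'] = $cert['refid'];

				$index++;
			}

			/* determine operational mode */
			$client['mode'] = $is_pki ? "p2p_tls" : "p2p_shared_key";
			unset($client['auth_method']);

			/* modify configuration values */
			if (empty($client['interface']))
				$client['interface'] = 'wan';
			_upgrade_051_to_052_rename($client, 'interface_ip', 'tunnel_network');
			_upgrade_051_to_052_rename($client, 'serveraddr', 'server_addr');
			_upgrade_051_to_052_rename($client, 'serverport', 'server_port');
			/*
			 * NOTE(review): this used to read 'poxy_hostname' and then unset
			 * the new 'proxy_addr' key, so the proxy host never survived the
			 * upgrade. 'proxy_hostname' is presumed to be the old key;
			 * confirm against the 1.2.x OpenVPN package schema.
			 */
			if (isset($client['proxy_hostname'])) {
				$client['proxy_addr'] = $client['proxy_hostname'];
				unset($client['proxy_hostname']);
			}
			if (isset($client['use_lzo'])) {
				$client['compression'] = "on";
				unset($client['use_lzo']);
			}
			_upgrade_051_to_052_rename($client, 'infiniteresolvretry', 'resolve_retry');

			/* allocate vpnid */
			$client['vpnid'] = $vpnid++;

			_upgrade_051_to_052_custom_options($client, "ovpnc");
			_upgrade_051_to_052_disable_flag($client);

			$config['openvpn']['openvpn-client'][] = $client;
		}

		unset($config['installedpackages']['openvpnclient']);
	}

	/* openvpn client specific configurations */
	if (isset($config['installedpackages']['openvpncsc'])
	    && is_array($config['installedpackages']['openvpncsc'])) {
		$config['openvpn']['openvpn-csc'] = array();

		$overrides = array();
		if (isset($config['installedpackages']['openvpncsc']['config'])
		    && is_array($config['installedpackages']['openvpncsc']['config']))
			$overrides = $config['installedpackages']['openvpncsc']['config'];

		foreach ($overrides as $csc) {

			if (!is_array($csc))
				continue;

			/* modify configuration values */
			_upgrade_051_to_052_rename($csc, 'commonname', 'common_name');
			_upgrade_051_to_052_rename($csc, 'ifconfig_push', 'tunnel_network');
			_upgrade_051_to_052_dhcp_options($csc);
			_upgrade_051_to_052_disable_flag($csc);

			$config['openvpn']['openvpn-csc'][] = $csc;
		}

		unset($config['installedpackages']['openvpncsc']);
	}

	/*
	 * NOTE(review): this appends an unrestricted pass rule (any source,
	 * any destination) on the "openvpn" interface whenever a server or
	 * client was migrated; tighten it after the upgrade where possible.
	 */
	if (!empty($config['openvpn']['openvpn-server']) ||
	    !empty($config['openvpn']['openvpn-client'])) {
		$ovpnrule = array(
			'type' => "pass",
			'interface' => "openvpn",
			'statetype' => "keep state",
			'source' => array('any' => true),
			'destination' => array('any' => true),
			'descr' => "Auto added OpenVPN rule from config upgrade.",
		);
		$config['filter']['rule'][] = $ovpnrule;
	}

	/*
	 * FIXME: hack to keep things working with no installedpackages
	 * or carp array in the configuration data.
	 */
	if (!isset($config['installedpackages']) || !is_array($config['installedpackages']))
		$config['installedpackages'] = array();
	if (!isset($config['installedpackages']['carp']) || !is_array($config['installedpackages']['carp']))
		$config['installedpackages']['carp'] = array();
}

/*
 * Move $entry[$old] to $entry[$new]. As before, the new key is created
 * (with a null value) even when the old key was absent.
 */
function _upgrade_051_to_052_rename(&$entry, $old, $new) {
	$entry[$new] = isset($entry[$old]) ? $entry[$old] : null;
	unset($entry[$old]);
}

/*
 * Rename the dhcp_* push options shared by server and client-specific
 * entries, and turn dhcp_nbtdisable into netbios_enable ("yes" or false).
 */
function _upgrade_051_to_052_dhcp_options(&$entry) {
	_upgrade_051_to_052_rename($entry, 'dhcp_domainname', 'dns_domain');
	_upgrade_051_to_052_rename($entry, 'dhcp_dns', 'dns_server1');
	_upgrade_051_to_052_rename($entry, 'dhcp_ntp', 'ntp_server1');
	$entry['netbios_enable'] = empty($entry['dhcp_nbtdisable']) ? "yes" : false;
	unset($entry['dhcp_nbtdisable']);
	_upgrade_051_to_052_rename($entry, 'dhcp_nbttype', 'netbios_ntype');
	_upgrade_051_to_052_rename($entry, 'dhcp_nbtscope', 'netbios_scope');
	_upgrade_051_to_052_rename($entry, 'dhcp_nbdd', 'nbdd_server1');
	_upgrade_051_to_052_rename($entry, 'dhcp_wins', 'wins_server1');
}

/* Normalise 'disable' to true, or remove the key when it is empty. */
function _upgrade_051_to_052_disable_flag(&$entry) {
	if (!empty($entry['disable']))
		$entry['disable'] = true;
	else
		unset($entry['disable']);
}

/*
 * Pull "dev tunN" and "local <addr>" out of the semicolon-separated
 * custom options of $entry.
 *
 * "local" becomes $entry['ipaddr']; "dev tunN" renames the assigned
 * interface whose 'if' is tunN to "<ifprefix><vpnid>". Every other option
 * is kept untouched, in order. $entry['vpnid'] must already be set.
 */
function _upgrade_051_to_052_custom_options(&$entry, $ifprefix) {
	global $config;

	if (empty($entry['custom_options']))
		return;

	$kept = array();
	$realif = null;
	foreach (explode(";", $entry['custom_options']) as $opt) {
		/* compare without spaces: "dev tun0" -> "devtun0" */
		$compact = str_replace(" ", "", $opt);
		if (substr($compact, 0, 6) == "devtun") {
			/* strip "dev", keep "tunN" from this very option */
			$realif = substr($compact, 3);
		} else if (substr($compact, 0, 5) == "local") {
			/* the address starts right after the five letters of "local" */
			$entry['ipaddr'] = str_replace("\n", "", substr($compact, 5));
		} else {
			$kept[] = $opt;
		}
	}
	$entry['custom_options'] = implode(";", $kept);

	if ($realif === null || !isset($config['interfaces']) || !is_array($config['interfaces']))
		return;

	foreach ($config['interfaces'] as $iface => $cfgif) {
		if (isset($cfgif['if']) && $cfgif['if'] == $realif) {
			$config['interfaces'][$iface]['if'] = "{$ifprefix}{$entry['vpnid']}";
			break;
		}
	}
}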
/*
 * Config upgrade step 052 -> 053: move the webConfigurator certificate/key
 * pair and the global SSH authorized keys out of the "system" section.
 *
 * The certificate and private key become an entry in $config['cert'] that the
 * web GUI references through 'ssl-certref'. The authorized keys are attached
 * to the user entry returned by getUserEntryByUID(0).
 */
function upgrade_052_to_053() {
	global $config;

	/* both certificate manager sections must be arrays before appending */
	foreach (array('ca', 'cert') as $section) {
		if (!is_array($config[$section]))
			$config[$section] = array();
	}

	/* migrate advanced admin page webui ssl to certificate manager */
	if ($config['system']['webgui']['certificate'] &&
		$config['system']['webgui']['private-key']) {

		/*
		 * refid only links the web GUI setting to the new entry. uniqid()
		 * is derived from the current time, so it is an identifier and
		 * must never be relied on as a secret.
		 */
		$refid = uniqid();
		$config['cert'][] = array(
			'refid' => $refid,
			'descr' => "webConfigurator SSL Certificate",
			'crt' => $config['system']['webgui']['certificate'],
			'prv' => $config['system']['webgui']['private-key']
		);

		/* the key material is moved, not copied: drop the old fields */
		unset($config['system']['webgui']['certificate']);
		unset($config['system']['webgui']['private-key']);
		$config['system']['webgui']['ssl-certref'] = $refid;
	}

	/* migrate advanced admin page ssh keys to user manager */
	if ($config['system']['ssh']['authorizedkeys']) {
		/* NOTE(review): assumes a uid 0 entry is always returned -- confirm */
		$admin_user =& getUserEntryByUID(0);
		$admin_user['authorizedkeys'] = $config['system']['ssh']['authorizedkeys'];
		unset($config['system']['ssh']['authorizedkeys']);
	}
}
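/*
 * Config upgrade step 053 -> 054: turn load balancer pools of type "gateway"
 * into gateway groups and keep only the remaining pools in
 * $config['load_balancer']['lbpool'].
 *
 * Each member of a gateway pool is an "interface|monitor" string. The
 * interface becomes the gateway name "GW_<INTERFACE>", and a monitor that
 * passes is_ipaddr() is written to the gateway item of that name. Failover
 * pools get increasing tiers per member, every other pool uses tier 1.
 */
function upgrade_053_to_054() {
	global $config;

	/* defined up front so the checks after the conversion never see undefined variables */
	$lbpool_srv_arr = array();
	$gateway_group_arr = array();

	if(is_array($config['load_balancer']['lbpool'])) {
		$lbpool_arr = $config['load_balancer']['lbpool'];
		/* result is unused below; call kept in case it has side effects -- TODO confirm */
		$gateways = return_gateways_array();
		if (! is_array($config['gateways']['gateway_item']))
			$config['gateways']['gateway_item'] = array();

		$a_gateways =& $config['gateways']['gateway_item'];
		foreach($lbpool_arr as $lbpool) {
			if($lbpool['type'] == "gateway") {
				/* start from a clean entry so nothing carries over from the previous pool */
				$gateway_group = array();
				$gateway_group['name'] = $lbpool['name'];
				$gateway_group['descr'] = $lbpool['descr'];
				$gateway_group['trigger'] = "down";
				$gateway_group['item'] = array();
				$i = 0;
				if (is_array($lbpool['servers'])) {
					foreach($lbpool['servers'] as $member) {
						/* explode() replaces split(), which newer PHP no longer provides; the separator is a literal pipe */
						$parts = explode("|", $member);
						$interface = $parts[0];
						$monitor = isset($parts[1]) ? $parts[1] : "";
						/* on static upgraded configuration we automatically prepend GW_ */
						$static_name = "GW_" . strtoupper($interface);
						if(is_ipaddr($monitor)) {
							foreach ($a_gateways as & $gw)
								if ($gw['name'] == $static_name)
									$gw['monitor'] = $monitor;
							/* release the reference so later writes cannot hit the last gateway item */
							unset($gw);
						}

						/* on failover increment tier. Else always assign 1 */
						if($lbpool['behaviour'] == "failover") {
							$i++;
						} else {
							$i = 1;
						}
						$gateway_group['item'][] = "$static_name|$i";
					}
				}
				$gateway_group_arr[] = $gateway_group;
			} else {
				$lbpool_srv_arr[] = $lbpool;
			}
		}
		$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
		$config['gateways']['gateway_group'] = $gateway_group_arr;
	}
	// Unset lbpool if we no longer have any server pools
	if (count($lbpool_srv_arr) == 0) {
		if(empty($config['load_balancer'])) {
			unset($config['load_balancer']);
		} else {
			unset($config['load_balancer']['lbpool']);
		}
	} else {
		$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
	}
	// Only set the gateway group array if we converted any
	if (count($gateway_group_arr) != 0) {
		$config['gateways']['gateway_group'] = $gateway_group_arr;
	}
}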
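/*
 * Config upgrade step 054 -> 055: convert the quality, traffic and packets
 * RRD databases under /var/db/rrd/ to the new data source layout.
 *
 * Quality databases: the "roundtrip" data source is renamed to "delay" and
 * value 1 of every row is divided by 1000.
 * Traffic/packets databases: "in"/"out" are renamed to "inpass"/"outpass" and
 * the old data is merged into a freshly created layout with four data sources.
 *
 * Every conversion goes through XML dumps in $g['tmp_path'] followed by
 * "rrdtool restore -f" over the original database file.
 *
 * NOTE(review): the dump files use names derived from the database name and
 * are not removed here; confirm $g['tmp_path'] is not writable by
 * unprivileged users, since these commands presumably run as root.
 */
function upgrade_054_to_055() {
	global $config;
	global $g;

	/* RRD files changed for quality, traffic and packets graphs */
	//ini_set("max_execution_time", "1800");
	/* convert traffic RRD file */
	global $parsedcfg, $listtags;
	$listtags = array("ds", "v", "rra", "row");

	$rrddbpath = "/var/db/rrd/";
	$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";

	$rrdinterval = 60;
	$valid = $rrdinterval * 2;

	/* Assume GigE for now */
	$downstream = 125000000;
	$upstream = 125000000;

	/* build a list of quality databases */
	/* roundtrip has become delay */
	/*
	 * Guarded declaration: an unconditional nested function is a fatal
	 * "cannot redeclare" if this step runs twice in one process.
	 */
	if (!function_exists("divide_delay")) {
		function divide_delay($delayval) {
			$delayval = floatval($delayval);
			$delayval = ($delayval / 1000);
			$delayval = " ". sprintf("%1.10e", $delayval) ." ";
			return $delayval;
		}
	}
	/* the roundtrip times need to be divided by 1000 to get seconds, really */
	if (!file_exists($rrddbpath))
		@mkdir($rrddbpath);
	chdir($rrddbpath);
	$databases = glob("*-quality.rrd");
	/* glob() returns false on error; keep the loop below well defined */
	if (!is_array($databases))
		$databases = array();
	rsort($databases);
	foreach($databases as $database) {
		$xmldump = "{$database}.old.xml";
		$xmldumpnew = "{$database}.new.xml";

		if ($g['booting'])
			echo "Migrate RRD database {$database} to new format \n";
		/*
		 * File names come from a directory listing and end up on a shell
		 * command line, so every path is passed through escapeshellarg().
		 */
		mwexec("$rrdtool tune " . escapeshellarg("{$rrddbpath}{$database}") . " -r roundtrip:delay 2>&1");

		dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
		$rrdoldxml = file_get_contents("{$g['tmp_path']}/{$xmldump}");
		$rrdold = xml2array($rrdoldxml, 1, "tag");
		$rrdold = $rrdold['rrd'];

		$i = 0;
		foreach($rrdold['rra'] as $rra) {
			$l = 0;
			foreach($rra['database']['row'] as $row) {
				$vnew = divide_delay($row['v'][1]);
				$rrdold['rra'][$i]['database']['row'][$l]['v'][1] = $vnew;
				$l++;
			}
			$i++;
		}

		$rrdxml = dump_xml_config_raw($rrdold, "rrd");
		file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", $rrdxml);
		mwexec("$rrdtool restore -f " . escapeshellarg("{$g['tmp_path']}/{$xmldumpnew}") . " " . escapeshellarg("{$rrddbpath}/{$database}") . " 2>&1");

	}
	/* let apinger recreate required files */
	setup_gateways_monitor();

	/* build a list of traffic and packets databases */
	$databases = array();
	exec("cd $rrddbpath;/usr/bin/find *-traffic.rrd *-packets.rrd", $databases);
	rsort($databases);
	foreach($databases as $database) {
		$databasetmp = "{$database}.tmp";
		$xmldump = "{$database}.old.xml";
		$xmldumptmp = "{$database}.tmp.xml";
		$xmldumpnew = "{$database}.new.xml";

		if ($g['booting'])
			echo "Migrate RRD database {$database} to new format \n";
		/* rename DS source */
		mwexec("$rrdtool tune " . escapeshellarg("{$rrddbpath}/{$database}") . " -r in:inpass 2>&1");
		/* was "2>71", which sent stderr to a file named 71 instead of stdout */
		mwexec("$rrdtool tune " . escapeshellarg("{$rrddbpath}/{$database}") . " -r out:outpass 2>&1");

		/* dump contents to xml and move database out of the way */
		dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");

		/* create new rrd database file */
		/* NOTE(review): this path is left unquoted because how create_new_rrd() runs the string is not visible here -- confirm and quote if it goes through a shell */
		$rrdcreate = "$rrdtool create {$g['tmp_path']}/{$databasetmp} --step $rrdinterval ";
		$rrdcreate .= "DS:inpass:COUNTER:$valid:0:$downstream ";
		$rrdcreate .= "DS:outpass:COUNTER:$valid:0:$upstream ";
		$rrdcreate .= "DS:inblock:COUNTER:$valid:0:$downstream ";
		$rrdcreate .= "DS:outblock:COUNTER:$valid:0:$upstream ";
		$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
		$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
		$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
		$rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";

		create_new_rrd("$rrdcreate");
		/* create temporary xml from new RRD */
		dump_rrd_to_xml("{$g['tmp_path']}/{$databasetmp}", "{$g['tmp_path']}/{$xmldumptmp}");

		$rrdoldxml = file_get_contents("{$g['tmp_path']}/{$xmldump}");
		$rrdold = xml2array($rrdoldxml, 1, "tag");
		$rrdold = $rrdold['rrd'];

		$rrdnewxml = file_get_contents("{$g['tmp_path']}/{$xmldumptmp}");
		$rrdnew = xml2array($rrdnewxml, 1, "tag");
		$rrdnew = $rrdnew['rrd'];

		/* remove any MAX RRA's. Not needed for traffic. */
		$i = 0;
		foreach ($rrdold['rra'] as $rra) {
			if(trim($rra['cf']) == "MAX") {
				unset($rrdold['rra'][$i]);
			}
			$i++;
		}

		$rrdxmlarray = migrate_rrd_format($rrdold, $rrdnew);
		$rrdxml = dump_xml_config_raw($rrdxmlarray, "rrd");
		file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", $rrdxml);
		mwexec("$rrdtool restore -f " . escapeshellarg("{$g['tmp_path']}/{$xmldumpnew}") . " " . escapeshellarg("{$rrddbpath}/{$database}") . " 2>&1");

	}
	enable_rrd_graphing();
	if ($g['booting'])
		echo "Updating configuration...";
}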
/*
 * Config upgrade step 055 -> 056: move IPsec CA certificates and phase 1
 * certificates into the certificate manager sections.
 *
 * Every $config['ipsec']['cacert'] entry becomes a $config['ca'] entry and the
 * old list is removed. Every phase 1 entry gets a new $config['cert'] entry
 * holding its certificate and private key, plus a 'certref' pointing at it.
 * The old 'cert', 'private-key' and 'peercert' fields are then dropped;
 * 'peercert' is removed without being copied anywhere.
 */
function upgrade_055_to_056() {
	global $config;

	foreach (array('ca', 'cert') as $section) {
		if (!is_array($config[$section]))
			$config[$section] = array();
	}

	/* migrate ipsec ca's to cert manager */
	if (is_array($config['ipsec']['cacert'])) {
		foreach ($config['ipsec']['cacert'] as $cacert) {
			/* a multi-valued cert field contributes only its first element */
			$config['ca'][] = array(
				'refid' => uniqid(),
				'crt' => is_array($cacert['cert']) ? $cacert['cert'][0] : $cacert['cert'],
				'descr' => $cacert['ident']
			);
		}
		unset($config['ipsec']['cacert']);
	}

	/* migrate phase1 certificates to cert manager */
	if (is_array($config['ipsec']['phase1'])) {
		foreach (array_keys($config['ipsec']['phase1']) as $idx) {
			$ph1ent =& $config['ipsec']['phase1'][$idx];

			/* NOTE(review): an entry is created for every phase 1, also when it carries no certificate -- confirm this is intended */
			$refid = uniqid();
			$config['cert'][] = array(
				'refid' => $refid,
				'descr' => "IPsec Peer {$ph1ent['remote-gateway']} Certificate",
				'crt' => is_array($ph1ent['cert']) ? $ph1ent['cert'][0] : $ph1ent['cert'],
				'prv' => $ph1ent['private-key']
			);
			$ph1ent['certref'] = $refid;

			/* key material must not stay behind in the phase 1 entry */
			foreach (array('cert', 'private-key', 'peercert') as $stale) {
				if ($ph1ent[$stale])
					unset($ph1ent[$stale]);
			}
		}
		unset($ph1ent);
	}
}
/*
 * Config upgrade step 056 -> 057: move captive portal users into the user
 * manager ($config['system']['user']).
 *
 * A captive portal user whose name already exists in the user manager is
 * skipped, so an existing account is never overwritten. Migrated users get
 * scope "user" and the next free uid; 'expirationdate' is renamed to
 * 'expires' and 'password' to 'md5-hash'.
 *
 * The password value is copied verbatim, nothing is hashed here.
 * NOTE(review): presumably the captive portal already stored an MD5 digest --
 * confirm, and keep in mind that MD5 is not a suitable password hash.
 */
function upgrade_056_to_057() {
	global $config;

	if (!is_array($config['system']['user']))
		$config['system']['user'] = array();

	/* migrate captive portal to user manager */
	if (!is_array($config['captiveportal']['user']))
		return;

	foreach ($config['captiveportal']['user'] as $cpuser) {
		/* avoid user conflicts; users added earlier in this loop count too */
		$clash = false;
		foreach ($config['system']['user'] as $existing) {
			if ($existing['name'] == $cpuser['name']) {
				$clash = true;
				break;
			}
		}
		if ($clash)
			continue;

		$cpuser['scope'] = "user";
		if (isset($cpuser['expirationdate'])) {
			$cpuser['expires'] = $cpuser['expirationdate'];
			unset($cpuser['expirationdate']);
		}
		if (isset($cpuser['password'])) {
			$cpuser['md5-hash'] = $cpuser['password'];
			unset($cpuser['password']);
		}
		$cpuser['uid'] = $config['system']['nextuid']++;
		$config['system']['user'][] = $cpuser;
	}
	unset($config['captiveportal']['user']);
}
/*
 * Config upgrade step 057 -> 058: force every IPsec phase 2 entry into
 * tunnel mode. Nothing happens when there is no phase 2 list.
 */
function upgrade_057_to_058() {
	global $config;

	if (!is_array($config['ipsec']['phase2']))
		return;

	/* set all phase2 entries to tunnel mode */
	foreach (array_keys($config['ipsec']['phase2']) as $idx)
		$config['ipsec']['phase2'][$idx]['mode'] = 'tunnel';
}
/*
 * Config upgrade step 058 -> 059: give every schedule a 'schedlabel'.
 * The label comes from uniqid(), so it is a time-derived identifier and
 * replaces any label the entry already had.
 */
function upgrade_058_to_059() {
	global $config;

	if (!is_array($config['schedules']['schedule']))
		return;

	foreach (array_keys($config['schedules']['schedule']) as $idx)
		$config['schedules']['schedule'][$idx]['schedlabel'] = uniqid();
}
/*
 * Config upgrade step 059 -> 060: link CAs and certificates to their issuer.
 *
 * For every entry whose issuer differs from its subject, the issuing CA is
 * looked up by subject and its refid is stored in 'caref'. Entries whose
 * issuer is not found are left without 'caref'. Certificates are only
 * processed when $config['ca'] is an array.
 *
 * NOTE(review): the link is made by comparing subject and issuer values only;
 * nothing visible here verifies a signature -- confirm callers do not treat
 * 'caref' as proof of a valid chain.
 */
function upgrade_059_to_060() {
	global $config;
	require_once("/etc/inc/certs.inc");

	if (!is_array($config['ca']))
		return;

	/* Locate issuer for all CAs */
	foreach ($config['ca'] as & $ca) {
		$ca_subject = cert_get_subject($ca['crt']);
		$ca_issuer = cert_get_issuer($ca['crt']);
		if ($ca_issuer != $ca_subject) {
			$parent =& lookup_ca_by_subject($ca_issuer);
			if ($parent)
				$ca['caref'] = $parent['refid'];
		}
	}

	if (!is_array($config['cert']))
		return;

	/* Locate issuer for all certificates */
	foreach ($config['cert'] as & $cert) {
		$crt_subject = cert_get_subject($cert['crt']);
		$crt_issuer = cert_get_issuer($cert['crt']);
		if ($crt_issuer != $crt_subject) {
			$signer =& lookup_ca_by_subject($crt_issuer);
			if ($signer)
				$cert['caref'] = $signer['refid'];
		}
	}
}
/*
 * Config upgrade step 060 -> 061: mark the wan and lan interfaces as
 * enabled. An interface that is not present as an array is left untouched.
 */
function upgrade_060_to_061() {
	global $config;

	foreach (array('wan', 'lan') as $ifname) {
		if (is_array($config['interfaces'][$ifname]))
			$config['interfaces'][$ifname]['enable'] = true;
	}
}
/*
 * Config upgrade step 061 -> 062: convert NAT port forward rules to the
 * source/destination layout.
 *
 * Every rule becomes enabled ('disabled' false, 'nordr' false) with source
 * "any". The destination is built from 'external-address' and
 * 'external-port': an empty address becomes the network "<interface>ip", the
 * address "any" becomes destination any. The two old fields are removed.
 */
function upgrade_061_to_062() {
	global $config;

	/* Convert NAT port forwarding rules */
	if (!is_array($config['nat']['rule']))
		return;

	foreach ($config['nat']['rule'] as $idx => $natent) {
		$natent['disabled'] = false;
		$natent['nordr']    = false;

		/* converted rules match any source address and any source port */
		$natent['source'] = array(
			"not"     => false,
			"any"     => true,
			"port"    => ""
		);

		$dst = array(
			"not"     => false,
			"address" => $natent['external-address'],
			"port"    => $natent['external-port']
		);
		if (empty($dst['address'])) {
			/* no explicit address: use the address of the rule's interface */
			unset($dst['address']);
			$dst['network'] = $natent['interface'] . 'ip';
		} else if ($dst['address'] == 'any') {
			unset($dst['address']);
			$dst['any'] = true;
		}
		$natent['destination'] = $dst;

		unset($natent['external-address']);
		unset($natent['external-port']);

		$config['nat']['rule'][$idx] = $natent;
	}
}
/*
 * Config upgrade step 062 -> 063: replace the legacy "nervecenter" theme
 * with "pfsense_ng". Any other theme value is kept.
 */
function upgrade_062_to_063() {
	global $config;

	/* loose comparison, as in a switch statement */
	if ($config['theme'] == "nervecenter")
		$config['theme'] = "pfsense_ng";
}
/*
 * Config upgrade step 063 -> 064: collect all PPP style links in
 * $config['ppps']['ppp'].
 *
 * Existing PPP entries are renumbered ("ppp<N>", 'ptpid' N), 'port' is
 * renamed to 'ports', a missing 'type' becomes "ppp" and 'defaultgw' is
 * dropped. Interfaces whose 'ipaddr' is "pppoe" or "pptp" then get a new PPP
 * entry built from their settings, their 'if' is pointed at the new device
 * name and the old per-interface fields are removed.
 *
 * Passwords are stored with base64_encode(). That is an encoding, not
 * encryption: anyone who can read the configuration can recover them.
 */
function upgrade_063_to_064() {
	global $config;
	$next_id = 0;
	$ifcfg = &$config['interfaces'];

	/* renumber and normalise the PPP entries that already exist */
	if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
		foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
			$entry = $ppp;
			$entry['if'] = "ppp".$next_id;
			$entry['ptpid'] = $next_id;
			$next_id++;
			if (isset($ppp['port'])) {
				$entry['ports'] = $ppp['port'];
				unset($entry['port']);
			}
			if (!isset($ppp['type']))
				$entry['type'] = "ppp";
			if (isset($ppp['defaultgw']))
				unset($entry['defaultgw']);
			$config['ppps']['ppp'][$pppid] = $entry;
		}
	}

	if (!is_array($config['ppps']['ppp']))
		$config['ppps']['ppp'] = array();
	$a_ppps = &$config['ppps']['ppp'];

	/* per-interface settings that move into the PPP entry */
	$moved_fields = array(
		'pppoe_username', 'pppoe_password', 'provider', 'ondemand',
		'timeout', 'pppoe_reset', 'pppoe_preset', 'pppoe',
		'pptp_username', 'pptp_password', 'local', 'subnet', 'remote'
	);

	foreach ($ifcfg as $ifname => $ifinfo) {
		// For pppoe conversion
		if ($ifinfo['ipaddr'] != "pppoe" && $ifinfo['ipaddr'] != "pptp")
			continue;
		/* already linked to a PPP entry */
		if (isset($ifinfo['ptpid']))
			continue;

		$ppp = array();
		$ppp['ptpid'] =  $next_id;
		$ppp['type'] = $ifinfo['ipaddr'];
		$ppp['if'] = $ifinfo['ipaddr'].$next_id;
		$ppp['ports'] = $ifinfo['if'];
		if ($ifinfo['ipaddr'] == "pppoe") {
			$ppp['username'] = $ifinfo['pppoe_username'];
			$ppp['password'] = base64_encode($ifinfo['pppoe_password']);
		}
		if ($ifinfo['ipaddr'] == "pptp") {
			$ppp['username'] = $ifinfo['pptp_username'];
			$ppp['password'] = base64_encode($ifinfo['pptp_password']);
		}

		if (isset($ifinfo['provider']))
			$ppp['provider'] = $ifinfo['provider'];
		if (isset($ifinfo['ondemand']))
			$ppp['ondemand'] = true;
		if (isset($ifinfo['timeout']))
			$ppp['idletimeout'] = $ifinfo['timeout'];
		if (isset($ifinfo['pppoe']['pppoe-reset-type'])) {
			$ppp['pppoe-reset-type'] = $ifinfo['pppoe']['pppoe-reset-type'];
			if (is_array($config['cron']['item'])) {
				/* point the periodic reset job at the script named after the new device */
				$cron_total = count($config['cron']['item']);
				for ($i = 0; $i < $cron_total; $i++) {
					$item = $config['cron']['item'][$i];
					if (strpos($item['command'], "/conf/pppoe{$ifname}restart") !== false)
						$config['cron']['item'][$i]['command'] = "/var/etc/pppoe_restart_" . $ppp['if'];
				}
			}
		}
		if (isset($ifinfo['local']))
			$ppp['localip'] = $ifinfo['local'];
		if (isset($ifinfo['subnet']))
			$ppp['subnet'] = $ifinfo['subnet'];
		if (isset($ifinfo['remote']))
			$ppp['gateway'] = $ifinfo['remote'];

		$ifcfg[$ifname]['if'] = $ifinfo['ipaddr'].$next_id;
		$next_id++;

		/* credentials and link settings must not stay on the interface */
		foreach ($moved_fields as $field)
			unset($ifcfg[$ifname][$field]);

		$a_ppps[] = $ppp;
	}
}
/*
 * Config upgrade step 064 -> 065: disable TSO and LRO in upgraded configs
 * by setting both "disable...offloading" flags in the system section.
 */
function upgrade_064_to_065() {
	global $config;

	foreach (array('disablesegmentationoffloading', 'disablelargereceiveoffloading') as $flag)
		$config['system'][$flag] = true;
}
/*
 * Config upgrade step 065 -> 066: collect the interfaces that have the DHCP
 * relay enabled into one comma separated 'interface' value.
 *
 * 'interface' is only written when at least one entry has 'enable' set.
 */
function upgrade_065_to_066() {
	global $config;

	$dhcrelaycfg =& $config['dhcrelay'];
	if (!is_array($dhcrelaycfg))
		return;

	/* DHCPRelay enabled on any interfaces? */
	$enabled_ifs = array();
	$any_enabled = false;
	foreach ($dhcrelaycfg as $relay_if => $relay_conf) {
		if (!isset($relay_conf['enable']))
			continue;
		$enabled_ifs[] = $relay_if;
		/*
		 * NOTE(review): the key is the literal string 'dhcrelayif', not the
		 * loop variable, so this most likely removes nothing and the
		 * per-interface entries stay in place -- confirm the intent.
		 */
		unset($dhcrelaycfg['dhcrelayif']);
		$any_enabled = true;
	}

	if ($any_enabled == true)
		$dhcrelaycfg['interface'] = implode(",", $enabled_ifs);
}
/*
 * Config upgrade step 066 -> 067: copy the 'ca' and 'cert' lists from the
 * system section to the top level of the configuration.
 *
 * An existing top-level list is overwritten. The lists under
 * $config['system'] are not removed, so their contents stay in both places
 * after this step.
 */
function upgrade_066_to_067() {
	global $config;

	foreach (array('ca', 'cert') as $section) {
		if (isset($config['system'][$section]))
			$config[$section] = $config['system'][$section];
	}
}
/*
 * Config upgrade step 067 -> 068: move the single PPPoE server
 * configuration into the list $config['pppoes']['pppoe'].
 *
 * The users are flattened into one 'username' string: entries are separated
 * by a space and each entry is "name:base64(password)" with ":ip" appended
 * when an address is set.
 *
 * base64 is an encoding, not encryption, so the passwords stay recoverable
 * from the configuration. NOTE(review): a name containing ':' or a space
 * would make the flattened string ambiguous -- confirm names are validated
 * elsewhere.
 */
function upgrade_067_to_068() {
	global $config;

	if (empty($config['pppoe']))
		return;

	$config['pppoes'] = array('pppoe' => array($config['pppoe'][0]));

	if (is_array($config['pppoe']['user'])) {
		$entries = array();
		foreach ($config['pppoe']['user'] as $user) {
			$entry = $user['name'] . ":" . base64_encode($user['password']);
			if ($user['ip'])
				$entry .= ":{$user['ip']}";
			$entries[] = $entry;
		}
		$config['pppoes']['pppoe'][0]['username'] = implode(" ", $entries);
	}

	unset($config['pppoe']);
}
/*
 * Config upgrade step 068 -> 069: move certificates stored inside user
 * entries to $config['cert'] and leave only their refids on the user.
 *
 * Only certificates with a 'descr' are moved; one without a refid gets a new
 * one from uniqid(). When at least one certificate was moved, the user's
 * 'cert' list is replaced by the list of refids, which also drops any
 * certificate that was skipped. Users with nothing to move keep their
 * 'cert' value unchanged.
 */
function upgrade_068_to_069() {
	global $config;

	if (!is_array($config['system']['user']))
		return;

	foreach (array_keys($config['system']['user']) as $uidx) {
		if (!is_array($config['system']['user'][$uidx]['cert']))
			continue;

		$refids = array();
		foreach ($config['system']['user'][$uidx]['cert'] as $usercert) {
			if (!isset($usercert['descr']))
				continue;
			// Make sure each cert gets a refid
			if (!isset($usercert['refid']))
				$usercert['refid'] = uniqid();
			// Keep the cert references for this user
			$refids[] = $usercert['refid'];
			$config['cert'][] = $usercert;
		}

		// Replace user certs with cert references instead.
		if (count($refids) > 0)
			$config['system']['user'][$uidx]['cert'] = $refids;
	}
}
/*
 * Config upgrade step 069 -> 070: convert NAT 1:1 rules to the
 * source/destination layout.
 *
 * 'internal' and 'subnet' become the source address: the bare address for
 * a /32, "address/subnet" otherwise. The destination of every converted
 * rule is "any". The two old fields are removed.
 */
function upgrade_069_to_070() {
	global $config;

	/* Convert NAT 1:1 rules */
	if (!is_array($config['nat']['onetoone']))
		return;

	foreach ($config['nat']['onetoone'] as $nidx => $natent) {
		$src_addr = $natent['internal'];
		if ($natent['subnet'] != 32)
			$src_addr = $natent['internal'] . "/" . $natent['subnet'];

		$config['nat']['onetoone'][$nidx]['source'] = array("address" => $src_addr);
		$config['nat']['onetoone'][$nidx]['destination'] = array("any" => true);

		unset($config['nat']['onetoone'][$nidx]['internal']);
		unset($config['nat']['onetoone'][$nidx]['subnet']);
	}
}
/*
 * Config upgrade step 070 -> 071: remove the cron job that runs
 * checkreload.sh.
 *
 * Only the first item whose command contains "checkreload.sh" (matched
 * case-insensitively) is removed. The remaining items keep their indexes,
 * so the list can have a gap afterwards.
 */
function upgrade_070_to_071() {
	global $config;

	if (!is_array($config['cron']['item']))
		return;

	foreach ($config['cron']['item'] as $idx => $cronitem) {
		if (!stristr($cronitem['command'], "checkreload.sh"))
			continue;
		unset($config['cron']['item'][$idx]);
		break;
	}
}
/*
 * Rename the field $oldname to $newname in every item of $section.
 *
 * $section is modified in place; anything that is not an array is ignored.
 * A non-empty old value is copied to the new name. The old field is then
 * removed whenever isset() sees it, so an empty old value is dropped
 * without being copied.
 */
function rename_field(& $section, $oldname, $newname) {
	if (!is_array($section))
		return;

	foreach (array_keys($section) as $idx) {
		if (!empty($section[$idx][$oldname]))
			$section[$idx][$newname] = $section[$idx][$oldname];
		if (isset($section[$idx][$oldname]))
			unset($section[$idx][$oldname]);
	}
}
/*
 * Config upgrade step 071 -> 072: rename 'desc' to 'descr' in every sysctl
 * item. Nothing happens unless both the sysctl section and its item list
 * are arrays.
 */
function upgrade_071_to_072() {
	global $config;

	if (!is_array($config['sysctl']))
		return;
	if (!is_array($config['sysctl']['item']))
		return;

	rename_field($config['sysctl']['item'], 'desc', 'descr');
}
/*
 * Config upgrade step 072 -> 073: rename 'desc' to 'descr' in the load
 * balancer lists (monitor types, pools, actions, protocols and virtual
 * servers). Lists that are not arrays are skipped.
 */
function upgrade_072_to_073() {
	global $config;

	if (!is_array($config['load_balancer']))
		return;

	$lists = array('monitor_type', 'lbpool', 'lbaction', 'lbprotocol', 'virtual_server');
	foreach ($lists as $list) {
		if (is_array($config['load_balancer'][$list]))
			rename_field($config['load_balancer'][$list], 'desc', 'descr');
	}
}
/*
 * Config upgrade step 073 -> 074: rename 'fullname' to 'descr' in every
 * user entry. rename_field() ignores a user list that is not an array.
 */
function upgrade_073_to_074() {
	global $config;

	$old_field = 'fullname';
	$new_field = 'descr';
	rename_field($config['system']['user'], $old_field, $new_field);
}
/*
 * Config upgrade step 074 -> 075: rename 'name' to 'descr' in the CA,
 * certificate and CRL lists. Lists that are not arrays are skipped.
 */
function upgrade_074_to_075() {
	global $config;

	foreach (array('ca', 'cert', 'crl') as $section) {
		if (is_array($config[$section]))
			rename_field($config[$section], 'name', 'descr');
	}
}
/*
 * Config upgrade step 075 -> 076: add a daily cron job (12:30) that runs
 * /etc/rc.update_urltables under nice as root.
 *
 * The job is appended unconditionally, so running this step again adds a
 * second identical item.
 */
function upgrade_075_to_076() {
	global $config;

	$config['cron']['item'][] = array(
		'minute' => "30",
		'hour' => "12",
		'mday' => "*",
		'month' => "*",
		'wday' => "*",
		'who' => "root",
		'command' => "/usr/bin/nice -n20 /etc/rc.update_urltables"
	);
}
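/*
 * Config upgrade step 076 -> 077: store the protocol of every filter rule
 * in lower case.
 *
 * Rules without a protocol, or with an empty one, are left as they are.
 * Nothing happens when the configuration has no rule list, which matches
 * the is_array() guards used by the other upgrade steps.
 */
function upgrade_076_to_077() {
	global $config;

	/* iterating a missing list by reference would create an empty 'rule' key */
	if (!isset($config['filter']['rule']) || !is_array($config['filter']['rule']))
		return;

	foreach($config['filter']['rule'] as & $rule) {
		if (isset($rule['protocol']) && !empty($rule['protocol']))
			$rule['protocol'] = strtolower($rule['protocol']);
	}
	/* release the reference to the last rule */
	unset($rule);
}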
?>